In a conventional network system, a plurality of devices may be coupled via a network (e.g., an intranet, internet and/or the like). Software executed by some or all of the devices may establish a client-server relationship among the devices. A client refers to client software executed on a device, and a server refers to server software executed on a device. A single device may execute multiple clients and/or servers.
Using a client, a user may want to access data from one or more servers via the network. Typically, when using the client to access data from a server, the user must provide authentication data to the server. For example, when a user wants to access data from the server of the system, the client may be required to sign on (e.g., provide a username and password) to the server.
To reduce the number of times a user is asked to sign on, some conventional systems may implement single sign on functionality (SSO). When configured properly, a client employed by the user may be required to enter authentication data to access a server of the system. Thereafter, the user is not required to sign on when accessing any remaining server in the network.
SSO is configured at a server level. For example, to configure SSO, authentication data such as a lightweight third-party authentication (LTPA) key may be generated and exported to each device serving as an application server of the system. The key may indicate devices included in the system that will implement SSO.
When a user wishes to access an application on an application server, the user may type a URL on a browser executed on a client. The URL is directed to an HTTP server, which attempts to access the SSO-enabled application server. The application server will provide a token that is associated with the key to the HTTP server, which passes the token back to the browser. Thereafter, when the user navigates from the browser to another web or application server in the SSO environment, the user is not required to sign on. For example, the user may navigate from the HTTP server to another HTTP server that serves a different application server in the SSO environment. The token is provided to the other HTTP server, which provides the token to the other application server. The application server will accept the token without requiring the user to sign on.
However, because SSO employed by such conventional software and systems is employed at the server and application server level, a configuration provided thereby is coarse. More specifically, such SSO may not be configured differently for each client. For example, such conventional SSO cannot indicate when a user is required to sign on to access data and when the client is not required to sign on to access data based on the client employed. Consequently, improved SSO functionality is desired.